If you've got Solaris with telnet running, you could be in for a big surprise. There is a fairly trivial Solaris telnet 0-day exploit in the wild [.pdf]. "This was posted to Full-Disclosure. Remote root exploit in the Solaris 10/11 telnet daemon. It doesn't require any skill, any exploit knowledge, and can be scripted for mass attacks. Basically if you pass a '-fusername' as an argument to the –l option you get full access to the OS as the user specified. In my example I do it as bin but it worked for regular users, just not for root. This combined with a reliable local privilege escalation exploit would be devastating. Expect mass scanning and possibly the widespread exploitation of this vulnerability."

You have to realize that telnet is deeply entrenched into many environments. So... the argument of "don't use telnet", is NOT going to work in many places. While I certainly advocate for the destruction of telnet and ftp, there are many places that have these tools deeply embedded into their INTERNAL infrastructure.

I emphasize INTERNAL because most believe they were relatively safe running those insecure protocols on the inside of a private network.

Second, you DON'T need to use -l"-froot" to be able to compromise a remote host. All you need is a somewhat priv'd user to cause some havoc. Shoot.. do you want somebody logging in as your username? How about the id of the database user? I can think of a million of these. Sure... it's possible that a good administrator has prevented direct logins (e.g. no shell) for these accounts... but still... probably not just because nobody expected there to be a huge gaping hole in the telnet server.

So... to all who say... "ah, this is no big deal"... blurzptz to ya! This is a VERY big deal.

Well thanks to you and the previous poster we now know who the retards are that are still running telnet in 2007. You can put me in the "blame the admins" crowd if you like. I am an admin myself and would deserve to be fired if I ever even thought of turning on telnet over an open network.